AIMA
AIMA model structure (business functions and their practices):
Responsible AI Principles: Ethical and Societal Impact; Transparency and Explainability; Fairness and Bias
Governance: Strategy and Metrics; Policy and Compliance; Education and Awareness
Data Management: Data Quality and Integrity; Data Governance and Accountability; Data Training
Privacy: Data Minimization and Purpose Limitation; Privacy by Design and Default; User Control and Transparency
Design: Threat Assessment; Security Architecture; Security Requirements
Implementation: Secure Build; Secure Deployment; Defect Management
Verification: Security Testing; Requirement-based Testing; Architecture Assessment
Operations: Incident Management; Event Management; Operational Management

The P-ML practice (Privacy: Data Minimization and Purpose Limitation) has two streams, P-ML-A (Stream A) and P-ML-B (Stream B). The questions and maturity-level descriptions that follow belong to P-ML-B.
P-ML-B-1 (Maturity Level 1): Are explicit purposes clearly defined, communicated, and regularly reviewed?
No Formal Monitoring: Privacy compliance and data usage are not regularly monitored.
Incident-Based Learning: Privacy improvements are largely triggered by privacy incidents.
Lack of Metrics: Privacy metrics or assessments are informal or absent.
P-ML-B-2 (Maturity Level 2): Is data minimization proactively embedded into data collection practices across all operations?
Routine Monitoring: Regular audits and reviews of data practices and of compliance with privacy policies.
Basic Metrics: Privacy metrics (e.g., incident counts, data usage audits) are routinely collected and reported.
Proactive Adjustments: Metrics inform adjustments to practices, reducing privacy risks and improving compliance.
P-ML-B-3 (Maturity Level 3): Are stringent purpose limitation controls systematically enforced and audited?
Advanced Analytics: Real-time monitoring and analytics of data usage, access, and compliance.
Predictive Privacy Management: Proactive identification and mitigation of privacy risks through predictive analytics and automated controls.
Culture of Privacy Excellence: Metrics drive organizational strategies, support transparency, foster user trust, and ensure regulatory compliance.